Dataflow-based Control Process Identification for ICS Dataset Development

Dataflow-based Control Process Identification for ICS Dataset Development

연구 분야: Infrastructure

학회: CSET '22: Proceedings of the 15th Workshop on Cyber Security Experimentation and Test

There has been increasing interest in and demand for relevant datasets for machine learning-based anomaly detection research in academia and industry. The industrial control system (ICS) has become larger and more complex, and it is difficult for humans to understand the configuration and operation of the system. Normal and attack scenario plans based on partial knowledge are inevitably biased, and insufficient data annotations limit the performance verification. It is practically difficult to manually identify all tags used for system monitoring and control and their causal relationships. Therefore, we propose a method to generate a data flow graph from process control information such as input/output tags, control processes, and various control parameter values extracted from the database of the control system. It will be the basis for systematic scenario composition and provide information for the analysis of cause and ripple effects when the state of a specific point (control device, sensor, actuator, etc.) is changed. We applied the proposed method to a HAI testbed and confirmed its feasibility by using it to develop a dataset.